Privacy Policy

Last updated: June 3, 2026

OtherWayAround LLC ("OWA AI", "we", "us", or "our") operates the OWA AI platform (the "Service"). This Privacy Policy explains what information we collect, how we use it, the choices you have, and how we protect it. We serve customers globally and have written this policy to comply with the EU GDPR, UK GDPR, and the California Consumer Privacy Act (CCPA / CPRA).

By using the Service, you agree to this Privacy Policy.

1. Who we are

Data Controller: OtherWayAround LLC Address: 74 E Glenwood Ave, Unit #5435, Smyrna, DE 19977, USA Contact: operations@otherwayaround.co

For any privacy question, data access, or deletion request, please email operations@otherwayaround.co.

2. Information we collect

2.1 Account information

When you create an account, we collect:

• First and last name
• Business email address
• Authenticated session credentials (passwords are hashed and never stored in plain text)
• Company and role information you choose to provide

2.2 Billing information

We do not store payment card details on our systems. Payments are processed by Stripe, our PCI-DSS-compliant payment provider. We retain only limited billing metadata (such as the last four digits of your card, billing country, plan, and transaction status) needed to administer your subscription.

2.3 Customer Data you connect to the Service

To deliver our analytics and growth-intelligence features, you may authorise OWA AI to access data from third-party platforms you connect, including:

• Apple App Store Connect — app metadata, store listings, sales reports, and app analytics
• Apple Search Ads — campaign performance, spend, keywords, impressions, taps, and installs
• Mobile Measurement Partners (MMPs) — attribution and performance data. If MMP exports include device-level identifiers (such as IDFA or IDFV), we treat them as Personal Data and apply the protections described in this Policy.

We collectively refer to this information as "Customer Data". You remain its owner and controller; OWA AI processes it on your behalf as a processor under your instructions.

2.4 Public market data

We use publicly available app-store and market-intelligence data to generate benchmarks, competitive insights, and search-volume estimates. This information is not tied to your identity.

2.5 Usage and technical data

We automatically collect a limited set of technical information to operate and secure the Service:

• IP address and approximate location
• Browser type, device, and operating system
• Pages viewed, features used, and timestamps
• Diagnostic logs and error reports

2.6 Cookies and similar technologies

We use strictly necessary cookies to keep you signed in and to remember your preferences, and limited analytics cookies to understand product usage. On our public marketing website we also use the visitor-identification technologies described in section 2.7. See our Cookie Notice for full details and controls.

2.7 Website visitor identification (marketing site)

On our public marketing website, we work with third-party data partners to identify business visitors so we can improve our marketing and tailor relevant communications. We want to be transparent about how this works:

When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email address. We (or service providers acting on our behalf) may then send communications and marketing to these email addresses. You may opt out of receiving this type of advertising and communications at any time by visiting https://app.retention.com/optout.

This visitor-identification activity applies only to our public marketing website. It does not apply to authenticated use of the Service, and it is not used to process your Customer Data.

3. How we use information

We process the data described above to:

• Provide, operate, secure, and improve the Service
• Authenticate users and protect accounts from unauthorised access
• Generate analytics, recommendations, and AI-generated insights for your apps
• Provide customer support and respond to inquiries
• Send service-related communications (account, security, billing)
• Identify business visitors to our marketing website and send relevant communications, as described in section 2.7
• Detect, prevent, and respond to fraud, abuse, or security incidents
• Comply with legal and regulatory obligations

We do not sell your Personal Data. We do not use Customer Data to train third-party AI models, and we do not allow our AI providers to do so either.

4. Legal bases (GDPR / UK GDPR)

Where GDPR or UK GDPR applies, we rely on the following legal bases:

• Contract — to provide the Service you signed up for
• Legitimate interests — to secure the platform, prevent abuse, and improve the Service
• Legal obligation — to comply with applicable laws and regulations
• Consent — where required (e.g. non-essential cookies, website visitor identification, and marketing communications)

You can withdraw consent at any time without affecting the lawfulness of prior processing.

5. How we share information

We share data only with the categories of recipients listed below, and only as necessary to deliver the Service.

5.1 Sub-processors

We engage a limited number of vetted service providers ("sub-processors") to operate the Service. Each is bound by a written data-processing agreement and appropriate technical and organisational safeguards.

A current list of named sub-processors is available on request at operations@otherwayaround.co. Material changes to this list will be communicated to customers in advance where required.

5.2 Other disclosures

• Legal compliance — when required by law, court order, or a valid government request
• Business transfers — in connection with a merger, acquisition, or sale of assets, with notice
• With your consent — for any other purpose you authorise

We do not sell or rent Personal Data to third parties.

6. International data transfers

OWA AI is based in the United States, and certain sub-processors operate globally. If you are located outside the United States, your data may be transferred to and processed in the US and other jurisdictions.

For transfers from the EU, UK, or Switzerland, we rely on appropriate safeguards such as the Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and the EU-US Data Privacy Framework where applicable.

7. Security

We apply industry-standard security controls, including:

• Encryption in transit — all traffic is protected with TLS 1.2 or higher
• Encryption at rest — stored data is encrypted using strong, modern algorithms
• Encrypted credentials — third-party API keys you provide are stored using envelope encryption; OWA AI staff cannot read them in plain text
• Access controls — role-based access, least-privilege principles, and audit logging
• Vendor security — sub-processors are reviewed and contractually bound to comparable standards
• Continuous monitoring — automated alerting, vulnerability management, and incident response procedures

No method of transmission or storage is completely secure, but we continuously invest in improving our controls. In the event of a personal-data breach affecting you, we will notify you and the relevant authorities as required by law.

8. Data retention

• Account data — retained while your account is active and for up to 30 days after deletion, unless a longer period is required by law
• Customer Data — retained while your account is active and deleted within 30 days of account closure or written request
• Logs and diagnostic data — typically retained for up to 90 days
• Backups — encrypted backups may persist for up to 90 days before secure deletion

9. Your rights

Depending on where you live, you may have the following rights regarding your Personal Data.

9.1 EU / UK / Switzerland (GDPR / UK GDPR)

• Access — request a copy of your Personal Data
• Rectification — correct inaccurate or incomplete data
• Erasure — request deletion ("right to be forgotten")
• Restriction — limit how we process your data
• Portability — receive your data in a machine-readable format
• Objection — object to processing based on legitimate interests
• Withdraw consent — at any time
• Lodge a complaint — with your local data protection authority

9.2 California (CCPA / CPRA)

• Right to know what Personal Information we collect, use, and share
• Right to delete Personal Information
• Right to correct inaccurate Personal Information
• Right to opt out of the "sale" or "sharing" of Personal Information (we do not sell or share)
• Right to limit the use of Sensitive Personal Information
• Right to non-discrimination for exercising your rights

9.3 How to exercise your rights

Email operations@otherwayaround.co. We will respond within 30 days (GDPR / UK GDPR) or 45 days (CCPA). We may need to verify your identity before fulfilling a request. To opt out of marketing-website visitor identification specifically, visit https://app.retention.com/optout.

10. Children

The Service is intended for business use and is not directed to anyone under 16. We do not knowingly collect Personal Data from children. If you believe a child has provided us with Personal Data, please contact us and we will promptly delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated by email or in-app notice before they take effect.

12. Contact us

OtherWayAround LLC 74 E Glenwood Ave, Unit #5435 Smyrna, DE 19977, USA Email: operations@otherwayaround.co